- 论坛徽章:
- 0
|
1. tcp--wrappers : 保护ssh vsftpd portmap telnet 等小服务的 基于内核的 vim :wq 后立即生效 而像dhcp里面的blackhole trusted untrusted 则是用来针对http 大一点儿的服务
2. 包:tcp_wrappers-libs-7.6-56.3.el6.i686 默认是安装的
3. 配置文件: /etc/host* -rw-r--r--. 1 root root 26 Jan 12 2010 host.conf -rw-r--r--. 1 root root 131 Jun 7 10:26 hosts -rw-r--r--. 1 root root 370 Jan 12 2010 hosts.allow -rw-r--r--. 1 root root 460 Jan 12 2010 hosts.deny
4. # vim hosts.allow # # hosts.allow This file contains access rules which are used to # allow or deny connections to network services that # either use the tcp_wrappers library or that have been # started through a tcp_wrappers-enabled xinetd. # # See 'man 5 hosts_options' and 'man 5 hosts_access' # for information on rule syntax. # See 'man tcpd' for information on tcp_wrappers # vsftpd, sshd: ALL EXCEPT 192.168.0.11/255.255.255.0 .redhat.com 多个服务之间用逗号隔开 多个域名 ip 之间 一般都是用 空格隔开
|
|